Commit 53c31531 authored by Wayne Beaton's avatar Wayne Beaton
Browse files

Add some issue templates


Signed-off-by: Wayne Beaton's avatarWayne Beaton <wayne.beaton@eclipse-foundation.org>
parent d6fb1ac2
<!--
Delete this comment before you submit.
We need:
* The name of the impacted project and product;
* A description of the versions impacted (which may include ranges);
* A Common Weakness Enumeration (CWE) code;
* A one or two sentence summary of the issue which clearly identifies the Eclipse project/product and impacted versions; and
* Links for more information.
Additional information can be provided, including (for example) a Common Vulnerability Scoring System (CVSS) code.
Use the project's Eclipse Foundation ID, e.g., "technology.dash".
Specify the version range as precisely as possible, e.g., "[3.0, 3.5.1]" or "[3.0, 3.5.1)".
The Common Weakness Enumeration (CWE) code comes from here: https://cwe.mitre.org/, e.g., "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')".
The summary should start with the name of the project, e.g., "Eclipse Vert.x", then a description of the affected versions, followed by a description of the problem. The summary should be concise. For example,
"In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response
headers and HttpClient request headers do not filter carriage return and
line feed characters from the header value. This allow unfiltered values
to inject a new header in the client request or server response."
Include a link to the issue that's being used to track/resolve the issue along with other links that provide more information (when available).
Note that a vulnerability does not need to actually be resolved before it is reported and that these reports can be revised as needed (reopen the issue to request changes).
-->
project: projectId
version: [3.0, 3.5.1]
cwe: CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')
summary: In Eclipse Vert.x version 3.0 to 3.5.1, the HttpServer response
headers and HttpClient request headers do not filter carriage return and
line feed characters from the header value. This allow unfiltered values
to inject a new header in the client request or server response."
links:
* one
* two
/title "CVE Assignment Request"
/confidential
/label ~"CVE Assignment"
/assign @wbeaton
Describe the issue that you're having with Eclipse Management Organization process.
/label ~"Process"
/assign @wbeaton
# emo # Eclipse Management Organization
This repository is used to track issues involving the EMO, including matters pertaining to the implementation of the Eclipse Foundation Development Process (EDP), Eclipse Foundation Specification Process (EFSP), and Eclipse IP Policy. This repository is used to track issues involving the Eclipse Management Organization (EMO), including matters pertaining to the implementation of the Eclipse Foundation Development Process (EDP), Eclipse Foundation Specification Process (EFSP), and Eclipse IP Policy.
\ No newline at end of file
The [Eclipse Foundation Project Handbook](https://www.eclipse.org/projects/handbook) is a primary source of information regarding the operation of Eclipse Foundation open source projects; it contains a lot of helpful reference information for project teams that are implementing the Eclipse Development Process.
Use this repository's issue tracker to create issues for:
- [Request a process change or clarification](https://gitlab.eclipse.org/eclipsefdn/iplab/emo/-/issues/new?issuable_template=process)
- [Request a CVE](https://gitlab.eclipse.org/eclipsefdn/iplab/emo/-/issues/new?issuable_template=cve)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment